Process of Network Security, The: Designing and Managing a Safe Network, 1st edition

  • Thomas A. Wadlow

Unfortunately, this item is not available in your country.

Overview

In The Process of Network Security, security specialist Thomas A. Wadlow reveals the approaches, techniques, and best practices that effectively secure the modern workplace. Written for network managers and administrators responsible for the security of large, enterprise-wide networks, this book focuses on security as a continuous process involving vigilant daily efforts in analysis, implementation, evaluation, and maintenance. It also emphasizes that in order to truly protect the enterprise, security professionals must consider not just individual machines, but the entire system--machines, people, and procedures.

The Process of Network Security discusses the many issues involved and walks you through the specific steps of setting up a secure system, focusing on standard operating procedures and day-to-day operations and maintenance. Providing a broad perspective on the challenge of enterprise security, this book covers a wide range of topics, including:
  • Understanding the nature of attacks and attackers
  • Setting security goals
  • Creating a secure network design
  • Building a team
  • Fortifying network components
  • Implementing physical and personnel security
  • Monitoring and ordering a network
  • Discovering and handling an actual attack
  • Dealing with law enforcement authorities

You will find many experience-based observations, insights, and sound advice to point you in the right direction and to help you avoid potentially dangerous pitfalls and threats that face your network security. The book also addresses the "catch-22" that security specialists face: how to demonstrate the value of security when proof of its success cannot always be thoroughly tracked or measured.

Written in a conversational tone, The Process of Network Security conveys both the specific information and the general mindset that will enable you to anticipate, prevent, and respond to network threats.



0201433176B04062001

Table of contents



Preface.


Acknowledgments.


1. Understanding Security.

What Are We Protecting?

Thinking Like a Defender.

The Reader of This Book.

The Organization We Are Protecting.

The Process of Security.

How Do You Know That the Process Is Working?

Trend Analysis.



2. Writing a Security Policy.

Pitfalls.

Staging a Coup

Contents of the Policy



3. Who Is Attacking You?

The Nature of the Beast.

Security as an Evolutionary Strategy.



4. Security Design Process.

Thinking About Security.

Principles of Security.

The Shape of Your Defenses.

The Shape of Your Security Organization.



5. Building a Security Team.

Employee Characteristics.

Job Functions in a Security Team.

Training and Cross-Training.

Interviewing Security Candidates.

Background Checks.

Hiring.

Firing.



6. Fortifying Network Components.

What Is a Network Component?

Component Types.

Selecting Components.

Component Categories.

Fortifying Components.

System Fortification.



7. Personnel Security.

Management Issues.

Hiring Process.

Trouble with Employees.

Firing Process.

Resignation Process.

Contractors.



8. Physical Security.

What Are the Threats?

Physical Security Basics.

Going Overboard.

Backups.

Denial of Service.

Electrical Power.

Telephones.

Access Control Logging and Log Analysis.



9. Monitoring Your Network.

The Shape of the Logging System.

What to Log.

Logging Mechanisms.

Time.

Sensors.

Logging System Design.

Log Management.

Log Analysis.



10. Auditing Your Network.

Why Should You Audit Your Network?

Types of Audit.

What Should the Audit Measure?

Who Should Do the Audit?

Expectations.



11. Quantifying the Value of Security.

Perception of Value.

Process of Explaining Security Issues.

Measurements.



12. Preparing for an Attack.

Getting Started.

War Games.

Post-Mortem Analysis.

Developing a Response Plan.

Personnel.

Safety Equipment.

Survival Pack Contents.

Choosing Hiding Places.

Set Your Own Ground Rules.



13. Handling an Attack.

Exciting, but Not Fun.

Thinking Pathologically.

About Attacks.

What You Can Do.

What You Should Not Do.

Response Team.

Priorities During an Attack.



14. Forensics.

Getting Started.

The Art of Investigation.

The Clean Room.

Analyzing the Contaminated File System.

Analysis Tools.

What to Look For.



15. Log Analysis.

Integrity Checks.

Log Analysis.

The Hunt.

Developing Theories.

Legalities.



16. Damage Control.

Priorities.

Advance Preparation.

Post-Mortem Analysis.



Appendix A: Glossary. 0201433176T04062001

Published by Addison-Wesley Professional (March 2nd 2000) - Copyright © 2000